Bug 263021 - Crash/hang when printing a pdf
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: freetype
Version: 8
Hardware: All All
Priority: medium, Severity: low
Assigned To: Behdad Esfahbod
Fedora Extras Quality Assurance
bzcl34nup
Reported: 2007-08-29 07:44 EDT by Kjartan Maraas
Modified: 2008-04-07 08:56 EDT
Doc Type: Bug Fix
Last Closed: 2008-04-07 08:56:27 EDT
Description Kjartan Maraas 2007-08-29 07:44:48 EDT
Description of problem:

I see this crash when trying to print out a range of pages from a pdf:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1211159664 (LWP 6331)]
0x02a8ab61 in FT_Get_PS_Font_Info (face=0xb57b47c0, afont_info=0xb7cf0e88) at
/usr/src/debug/freetype-2.3.5/src/base/fttype1.c:39
39            FT_FACE_FIND_SERVICE( face, service, POSTSCRIPT_INFO );
(gdb) bt
#0  0x02a8ab61 in FT_Get_PS_Font_Info (face=0xb57b47c0, afont_info=0xb7cf0e88)
    at /usr/src/debug/freetype-2.3.5/src/base/fttype1.c:39
#1  0x00b78bf9 in _cairo_type1_subset_init (type1_subset=0xb7cf0f30,
name=0xb7cf0f78 "CairoFont-4-0", 
    scaled_font_subset=0xb7cf0ff0, hex_encode=1) at cairo-type1-subset.c:123
#2  0x00b64fa4 in _cairo_ps_surface_emit_unscaled_font_subset
(font_subset=0xb7cf0ff0, closure=0xb653a460)
    at cairo-ps-surface.c:376
#3  0x00b7771e in _cairo_sub_font_collect (entry=0x9eaac68, closure=0xb7cf1070)
at cairo-scaled-font-subsets.c:400
#4  0x00b4807c in _cairo_hash_table_foreach (hash_table=0xb6557500,
hash_callback=0xb77640 <_cairo_sub_font_collect>, 
    closure=0xb7cf1070) at cairo-hash.c:562
#5  0x00b775d3 in _cairo_scaled_font_subsets_foreach_internal
(font_subsets=0xb6580a30, 
    font_subset_callback=0xb64f10 <_cairo_ps_surface_emit_unscaled_font_subset>,
closure=0xb653a460, is_scaled=0)
    at cairo-scaled-font-subsets.c:636
#6  0x00b65641 in _cairo_ps_surface_finish (abstract_surface=0xb653a460) at
cairo-ps-surface.c:730
#7  0x00b54873 in *INT_cairo_surface_finish (surface=0xb653a460) at
cairo-surface.c:504
#8  0x00b54920 in *INT_cairo_surface_destroy (surface=0xb653a460) at
cairo-surface.c:401
#9  0x00b5ecce in _cairo_paginated_surface_finish (abstract_surface=0xb657ff00)
at cairo-paginated-surface.c:147
#10 0x00b54873 in *INT_cairo_surface_finish (surface=0xb657ff00) at
cairo-surface.c:504
#11 0x00b54920 in *INT_cairo_surface_destroy (surface=0xb657ff00) at
cairo-surface.c:401
#12 0x00b47925 in _cairo_gstate_fini (gstate=0xb65de200) at cairo-gstate.c:172
#13 0x00b40c2f in *INT_cairo_destroy (cr=0xb65de1e0) at cairo.c:270
#14 0x08098ca2 in g_cclosure_marshal_VOID__VOID () at gmarshal.c:56
#15 0x08098cf5 in g_cclosure_marshal_VOID__VOID () at gmarshal.c:56
#16 0x08096b33 in g_cclosure_marshal_VOID__VOID () at gmarshal.c:56
---Type <return> to continue, or q <return> to quit---
#17 0x0805e5df in g_cclosure_marshal_VOID__VOID () at gmarshal.c:56
#18 0x0805d9f5 in g_cclosure_marshal_VOID__VOID () at gmarshal.c:56
#19 0x0805deac in g_cclosure_marshal_VOID__VOID () at gmarshal.c:56
#20 0x00c5377f in g_thread_create_proxy (data=0x99e6cd0) at gthread.c:634
#21 0x00d2953b in start_thread () from /lib/libpthread.so.0
#22 0x00e0e0ee in clone () from /lib/libc.so.6

The file itself is available here:
http://friprog.no/files/Friprog-Magasinet_online.pdf

Comment 1 Kjartan Maraas 2007-08-29 08:11:14 EDT
Here's some additional output from valgrind which might point to poppler being
the culprit. I'll leave that up to you guys to decide.

==7035== Thread 2:
==7035== Use of uninitialised value of size 4
==7035==    at 0x4A696F0: cairo_surface_get_device_offset (cairo-surface.c:828)
==7035==    by 0x4941F6E: CairoOutputDev::setSoftMask(GfxState*, double*, int,
Function*, GfxColor*) (CairoOutputDev.cc:625)
==7035==    by 0x52D0771: Gfx::doForm1(Object*, Dict*, double*, double*, int,
int, GfxColorSpace*, int, int, int, Function*, GfxColor*) (Gfx.cc:3900)
==7035==    by 0x52D295D: Gfx::doSoftMask(Object*, int, GfxColorSpace*, int,
int, Function*, GfxColor*) (Gfx.cc:1086)
==7035==    by 0x52D3308: Gfx::opSetExtGState(Object*, int) (Gfx.cc:1004)
==7035==    by 0x52CACE2: Gfx::execOp(Object*, Object*, int) (Gfx.cc:726)
==7035==    by 0x52CAEAB: Gfx::go(int) (Gfx.cc:594)
==7035==    by 0x52CB456: Gfx::display(Object*, int) (Gfx.cc:557)
==7035==    by 0x5310945: Page::displaySlice(OutputDev*, double, double, int,
int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int
(*)(Annot*, void*), void*) (Page.cc:406)
==7035==    by 0x493D59C: poppler_page_render (poppler-page.cc:437)
==7035==    by 0x8098DF3: pdf_document_file_exporter_do_page(_EvFileExporter*,
_EvRenderContext*) (ev-poppler.cc:1663)
==7035==    by 0x8096B79: ev_file_exporter_do_page (ev-file-exporter.c:61)
==7035==    by 0x805E781: ev_job_print_run (ev-jobs.c:678)
==7035==    by 0x805D9F4: handle_job (ev-job-queue.c:137)
==7035==    by 0x805DEAB: ev_render_thread (ev-job-queue.c:255)
==7035==    by 0x4B6A77E: g_thread_create_proxy (gthread.c:634)
==7035==    by 0x4C4153A: start_thread (in /lib/libpthread-2.6.90.so)
==7035==    by 0x4D260ED: clone (in /lib/libc-2.6.90.so)
==7035== 
==7035== Invalid read of size 8
==7035==    at 0x4A696F0: cairo_surface_get_device_offset (cairo-surface.c:828)
==7035==    by 0x4941F6E: CairoOutputDev::setSoftMask(GfxState*, double*, int,
Function*, GfxColor*) (CairoOutputDev.cc:625)
==7035==    by 0x52D0771: Gfx::doForm1(Object*, Dict*, double*, double*, int,
int, GfxColorSpace*, int, int, int, Function*, GfxColor*) (Gfx.cc:3900)
==7035==    by 0x52D295D: Gfx::doSoftMask(Object*, int, GfxColorSpace*, int,
int, Function*, GfxColor*) (Gfx.cc:1086)
==7035==    by 0x52D3308: Gfx::opSetExtGState(Object*, int) (Gfx.cc:1004)
==7035==    by 0x52CACE2: Gfx::execOp(Object*, Object*, int) (Gfx.cc:726)
==7035==    by 0x52CAEAB: Gfx::go(int) (Gfx.cc:594)
==7035==    by 0x52CB456: Gfx::display(Object*, int) (Gfx.cc:557)
==7035==    by 0x5310945: Page::displaySlice(OutputDev*, double, double, int,
int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int
(*)(Annot*, void*), void*) (Page.cc:406)
==7035==    by 0x493D59C: poppler_page_render (poppler-page.cc:437)
==7035==    by 0x8098DF3: pdf_document_file_exporter_do_page(_EvFileExporter*,
_EvRenderContext*) (ev-poppler.cc:1663)
==7035==    by 0x8096B79: ev_file_exporter_do_page (ev-file-exporter.c:61)
==7035==    by 0x805E781: ev_job_print_run (ev-jobs.c:678)
==7035==    by 0x805D9F4: handle_job (ev-job-queue.c:137)
==7035==    by 0x805DEAB: ev_render_thread (ev-job-queue.c:255)
==7035==    by 0x4B6A77E: g_thread_create_proxy (gthread.c:634)
==7035==    by 0x4C4153A: start_thread (in /lib/libpthread-2.6.90.so)
==7035==    by 0x4D260ED: clone (in /lib/libc-2.6.90.so)
==7035==  Address 0x72752CC is 8 bytes after a block of size 68 free'd
==7035==    at 0x4021E56: operator delete(void*) (vg_replace_malloc.c:244)
==7035==    by 0x52C8A52: Gfx::popResources() (Gfx.cc:4237)
==7035==    by 0x52D0706: Gfx::doForm1(Object*, Dict*, double*, double*, int,
int, GfxColorSpace*, int, int, int, Function*, GfxColor*) (Gfx.cc:3897)
==7035==    by 0x52D295D: Gfx::doSoftMask(Object*, int, GfxColorSpace*, int,
int, Function*, GfxColor*) (Gfx.cc:1086)
==7035==    by 0x52D3308: Gfx::opSetExtGState(Object*, int) (Gfx.cc:1004)
==7035==    by 0x52CACE2: Gfx::execOp(Object*, Object*, int) (Gfx.cc:726)
==7035==    by 0x52CAEAB: Gfx::go(int) (Gfx.cc:594)
==7035==    by 0x52CB456: Gfx::display(Object*, int) (Gfx.cc:557)
==7035==    by 0x5310945: Page::displaySlice(OutputDev*, double, double, int,
int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int
(*)(Annot*, void*), void*) (Page.cc:406)
==7035==    by 0x493D59C: poppler_page_render (poppler-page.cc:437)
==7035==    by 0x8098DF3: pdf_document_file_exporter_do_page(_EvFileExporter*,
_EvRenderContext*) (ev-poppler.cc:1663)
==7035==    by 0x8096B79: ev_file_exporter_do_page (ev-file-exporter.c:61)
==7035==    by 0x805E781: ev_job_print_run (ev-jobs.c:678)
==7035==    by 0x805D9F4: handle_job (ev-job-queue.c:137)
==7035==    by 0x805DEAB: ev_render_thread (ev-job-queue.c:255)
==7035==    by 0x4B6A77E: g_thread_create_proxy (gthread.c:634)
==7035==    by 0x4C4153A: start_thread (in /lib/libpthread-2.6.90.so)
==7035==    by 0x4D260ED: clone (in /lib/libc-2.6.90.so)
==7035== 
==7035== Use of uninitialised value of size 4
==7035==    at 0x4A696F9: cairo_surface_get_device_offset (cairo-surface.c:830)
==7035==    by 0x4941F6E: CairoOutputDev::setSoftMask(GfxState*, double*, int,
Function*, GfxColor*) (CairoOutputDev.cc:625)
==7035==    by 0x52D0771: Gfx::doForm1(Object*, Dict*, double*, double*, int,
int, GfxColorSpace*, int, int, int, Function*, GfxColor*) (Gfx.cc:3900)
==7035==    by 0x52D295D: Gfx::doSoftMask(Object*, int, GfxColorSpace*, int,
int, Function*, GfxColor*) (Gfx.cc:1086)
==7035==    by 0x52D3308: Gfx::opSetExtGState(Object*, int) (Gfx.cc:1004)
==7035==    by 0x52CACE2: Gfx::execOp(Object*, Object*, int) (Gfx.cc:726)
==7035==    by 0x52CAEAB: Gfx::go(int) (Gfx.cc:594)
==7035==    by 0x52CB456: Gfx::display(Object*, int) (Gfx.cc:557)
==7035==    by 0x5310945: Page::displaySlice(OutputDev*, double, double, int,
int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int
(*)(Annot*, void*), void*) (Page.cc:406)
==7035==    by 0x493D59C: poppler_page_render (poppler-page.cc:437)
==7035==    by 0x8098DF3: pdf_document_file_exporter_do_page(_EvFileExporter*,
_EvRenderContext*) (ev-poppler.cc:1663)
==7035==    by 0x8096B79: ev_file_exporter_do_page (ev-file-exporter.c:61)
==7035==    by 0x805E781: ev_job_print_run (ev-jobs.c:678)
==7035==    by 0x805D9F4: handle_job (ev-job-queue.c:137)
==7035==    by 0x805DEAB: ev_render_thread (ev-job-queue.c:255)
==7035==    by 0x4B6A77E: g_thread_create_proxy (gthread.c:634)
==7035==    by 0x4C4153A: start_thread (in /lib/libpthread-2.6.90.so)
==7035==    by 0x4D260ED: clone (in /lib/libc-2.6.90.so)
==7035== 
==7035== Invalid read of size 8
==7035==    at 0x4A696F9: cairo_surface_get_device_offset (cairo-surface.c:830)
==7035==    by 0x4941F6E: CairoOutputDev::setSoftMask(GfxState*, double*, int,
Function*, GfxColor*) (CairoOutputDev.cc:625)
==7035==    by 0x52D0771: Gfx::doForm1(Object*, Dict*, double*, double*, int,
int, GfxColorSpace*, int, int, int, Function*, GfxColor*) (Gfx.cc:3900)
==7035==    by 0x52D295D: Gfx::doSoftMask(Object*, int, GfxColorSpace*, int,
int, Function*, GfxColor*) (Gfx.cc:1086)
==7035==    by 0x52D3308: Gfx::opSetExtGState(Object*, int) (Gfx.cc:1004)
==7035==    by 0x52CACE2: Gfx::execOp(Object*, Object*, int) (Gfx.cc:726)
==7035==    by 0x52CAEAB: Gfx::go(int) (Gfx.cc:594)
==7035==    by 0x52CB456: Gfx::display(Object*, int) (Gfx.cc:557)
==7035==    by 0x5310945: Page::displaySlice(OutputDev*, double, double, int,
int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int
(*)(Annot*, void*), void*) (Page.cc:406)
==7035==    by 0x493D59C: poppler_page_render (poppler-page.cc:437)
==7035==    by 0x8098DF3: pdf_document_file_exporter_do_page(_EvFileExporter*,
_EvRenderContext*) (ev-poppler.cc:1663)
==7035==    by 0x8096B79: ev_file_exporter_do_page (ev-file-exporter.c:61)
==7035==    by 0x805E781: ev_job_print_run (ev-jobs.c:678)
==7035==    by 0x805D9F4: handle_job (ev-job-queue.c:137)
==7035==    by 0x805DEAB: ev_render_thread (ev-job-queue.c:255)
==7035==    by 0x4B6A77E: g_thread_create_proxy (gthread.c:634)
==7035==    by 0x4C4153A: start_thread (in /lib/libpthread-2.6.90.so)
==7035==    by 0x4D260ED: clone (in /lib/libc-2.6.90.so)
==7035==  Address 0x72752D4 is not stack'd, malloc'd or (recently) free'd
==7035== 
==7035== Conditional jump or move depends on uninitialised value(s)
==7035==    at 0x4941FE8: CairoOutputDev::setSoftMask(GfxState*, double*, int,
Function*, GfxColor*) (CairoOutputDev.cc:636)
==7035==    by 0x52D0771: Gfx::doForm1(Object*, Dict*, double*, double*, int,
int, GfxColorSpace*, int, int, int, Function*, GfxColor*) (Gfx.cc:3900)
==7035==    by 0x52D295D: Gfx::doSoftMask(Object*, int, GfxColorSpace*, int,
int, Function*, GfxColor*) (Gfx.cc:1086)
==7035==    by 0x52D3308: Gfx::opSetExtGState(Object*, int) (Gfx.cc:1004)
==7035==    by 0x52CACE2: Gfx::execOp(Object*, Object*, int) (Gfx.cc:726)
==7035==    by 0x52CAEAB: Gfx::go(int) (Gfx.cc:594)
==7035==    by 0x52CB456: Gfx::display(Object*, int) (Gfx.cc:557)
==7035==    by 0x5310945: Page::displaySlice(OutputDev*, double, double, int,
int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int
(*)(Annot*, void*), void*) (Page.cc:406)
==7035==    by 0x493D59C: poppler_page_render (poppler-page.cc:437)
==7035==    by 0x8098DF3: pdf_document_file_exporter_do_page(_EvFileExporter*,
_EvRenderContext*) (ev-poppler.cc:1663)
==7035==    by 0x8096B79: ev_file_exporter_do_page (ev-file-exporter.c:61)
==7035==    by 0x805E781: ev_job_print_run (ev-jobs.c:678)
==7035==    by 0x805D9F4: handle_job (ev-job-queue.c:137)
==7035==    by 0x805DEAB: ev_render_thread (ev-job-queue.c:255)
==7035==    by 0x4B6A77E: g_thread_create_proxy (gthread.c:634)
==7035==    by 0x4C4153A: start_thread (in /lib/libpthread-2.6.90.so)
==7035==    by 0x4D260ED: clone (in /lib/libc-2.6.90.so)
==7035== 
==7035== Conditional jump or move depends on uninitialised value(s)
==7035==    at 0x4A6B8DC: cairo_surface_destroy (cairo-surface.c:391)
==7035==    by 0x4942120: CairoOutputDev::setSoftMask(GfxState*, double*, int,
Function*, GfxColor*) (CairoOutputDev.cc:661)
==7035==    by 0x52D0771: Gfx::doForm1(Object*, Dict*, double*, double*, int,
int, GfxColorSpace*, int, int, int, Function*, GfxColor*) (Gfx.cc:3900)
==7035==    by 0x52D295D: Gfx::doSoftMask(Object*, int, GfxColorSpace*, int,
int, Function*, GfxColor*) (Gfx.cc:1086)
==7035==    by 0x52D3308: Gfx::opSetExtGState(Object*, int) (Gfx.cc:1004)
==7035==    by 0x52CACE2: Gfx::execOp(Object*, Object*, int) (Gfx.cc:726)
==7035==    by 0x52CAEAB: Gfx::go(int) (Gfx.cc:594)
==7035==    by 0x52CB456: Gfx::display(Object*, int) (Gfx.cc:557)
==7035==    by 0x5310945: Page::displaySlice(OutputDev*, double, double, int,
int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int
(*)(Annot*, void*), void*) (Page.cc:406)
==7035==    by 0x493D59C: poppler_page_render (poppler-page.cc:437)
==7035==    by 0x8098DF3: pdf_document_file_exporter_do_page(_EvFileExporter*,
_EvRenderContext*) (ev-poppler.cc:1663)
==7035==    by 0x8096B79: ev_file_exporter_do_page (ev-file-exporter.c:61)
==7035==    by 0x805E781: ev_job_print_run (ev-jobs.c:678)
==7035==    by 0x805D9F4: handle_job (ev-job-queue.c:137)
==7035==    by 0x805DEAB: ev_render_thread (ev-job-queue.c:255)
==7035==    by 0x4B6A77E: g_thread_create_proxy (gthread.c:634)
==7035==    by 0x4C4153A: start_thread (in /lib/libpthread-2.6.90.so)
==7035==    by 0x4D260ED: clone (in /lib/libc-2.6.90.so)
==7035== 
==7035== Use of uninitialised value of size 4
==7035==    at 0x4A6B8DE: cairo_surface_destroy (cairo-surface.c:391)
==7035==    by 0x4942120: CairoOutputDev::setSoftMask(GfxState*, double*, int,
Function*, GfxColor*) (CairoOutputDev.cc:661)
==7035==    by 0x52D0771: Gfx::doForm1(Object*, Dict*, double*, double*, int,
int, GfxColorSpace*, int, int, int, Function*, GfxColor*) (Gfx.cc:3900)
==7035==    by 0x52D295D: Gfx::doSoftMask(Object*, int, GfxColorSpace*, int,
int, Function*, GfxColor*) (Gfx.cc:1086)
==7035==    by 0x52D3308: Gfx::opSetExtGState(Object*, int) (Gfx.cc:1004)
==7035==    by 0x52CACE2: Gfx::execOp(Object*, Object*, int) (Gfx.cc:726)
==7035==    by 0x52CAEAB: Gfx::go(int) (Gfx.cc:594)
==7035==    by 0x52CB456: Gfx::display(Object*, int) (Gfx.cc:557)
==7035==    by 0x5310945: Page::displaySlice(OutputDev*, double, double, int,
int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int
(*)(Annot*, void*), void*) (Page.cc:406)
==7035==    by 0x493D59C: poppler_page_render (poppler-page.cc:437)
==7035==    by 0x8098DF3: pdf_document_file_exporter_do_page(_EvFileExporter*,
_EvRenderContext*) (ev-poppler.cc:1663)
==7035==    by 0x8096B79: ev_file_exporter_do_page (ev-file-exporter.c:61)
==7035==    by 0x805E781: ev_job_print_run (ev-jobs.c:678)
==7035==    by 0x805D9F4: handle_job (ev-job-queue.c:137)
==7035==    by 0x805DEAB: ev_render_thread (ev-job-queue.c:255)
==7035==    by 0x4B6A77E: g_thread_create_proxy (gthread.c:634)
==7035==    by 0x4C4153A: start_thread (in /lib/libpthread-2.6.90.so)
==7035==    by 0x4D260ED: clone (in /lib/libc-2.6.90.so)
==7035== 
==7035== Invalid read of size 4
==7035==    at 0x4A6B8DE: cairo_surface_destroy (cairo-surface.c:391)
==7035==    by 0x4942120: CairoOutputDev::setSoftMask(GfxState*, double*, int,
Function*, GfxColor*) (CairoOutputDev.cc:661)
==7035==    by 0x52D0771: Gfx::doForm1(Object*, Dict*, double*, double*, int,
int, GfxColorSpace*, int, int, int, Function*, GfxColor*) (Gfx.cc:3900)
==7035==    by 0x52D295D: Gfx::doSoftMask(Object*, int, GfxColorSpace*, int,
int, Function*, GfxColor*) (Gfx.cc:1086)
==7035==    by 0x52D3308: Gfx::opSetExtGState(Object*, int) (Gfx.cc:1004)
==7035==    by 0x52CACE2: Gfx::execOp(Object*, Object*, int) (Gfx.cc:726)
==7035==    by 0x52CAEAB: Gfx::go(int) (Gfx.cc:594)
==7035==    by 0x52CB456: Gfx::display(Object*, int) (Gfx.cc:557)
==7035==    by 0x5310945: Page::displaySlice(OutputDev*, double, double, int,
int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int
(*)(Annot*, void*), void*) (Page.cc:406)
==7035==    by 0x493D59C: poppler_page_render (poppler-page.cc:437)
==7035==    by 0x8098DF3: pdf_document_file_exporter_do_page(_EvFileExporter*,
_EvRenderContext*) (ev-poppler.cc:1663)
==7035==    by 0x8096B79: ev_file_exporter_do_page (ev-file-exporter.c:61)
==7035==    by 0x805E781: ev_job_print_run (ev-jobs.c:678)
==7035==    by 0x805D9F4: handle_job (ev-job-queue.c:137)
==7035==    by 0x805DEAB: ev_render_thread (ev-job-queue.c:255)
==7035==    by 0x4B6A77E: g_thread_create_proxy (gthread.c:634)
==7035==    by 0x4C4153A: start_thread (in /lib/libpthread-2.6.90.so)
==7035==    by 0x4D260ED: clone (in /lib/libc-2.6.90.so)
==7035==  Address 0x727528C is 12 bytes inside a block of size 68 free'd
==7035==    at 0x4021E56: operator delete(void*) (vg_replace_malloc.c:244)
==7035==    by 0x52C8A52: Gfx::popResources() (Gfx.cc:4237)
==7035==    by 0x52D0706: Gfx::doForm1(Object*, Dict*, double*, double*, int,
int, GfxColorSpace*, int, int, int, Function*, GfxColor*) (Gfx.cc:3897)
==7035==    by 0x52D295D: Gfx::doSoftMask(Object*, int, GfxColorSpace*, int,
int, Function*, GfxColor*) (Gfx.cc:1086)
==7035==    by 0x52D3308: Gfx::opSetExtGState(Object*, int) (Gfx.cc:1004)
==7035==    by 0x52CACE2: Gfx::execOp(Object*, Object*, int) (Gfx.cc:726)
==7035==    by 0x52CAEAB: Gfx::go(int) (Gfx.cc:594)
==7035==    by 0x52CB456: Gfx::display(Object*, int) (Gfx.cc:557)
==7035==    by 0x5310945: Page::displaySlice(OutputDev*, double, double, int,
int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int
(*)(Annot*, void*), void*) (Page.cc:406)
==7035==    by 0x493D59C: poppler_page_render (poppler-page.cc:437)
==7035==    by 0x8098DF3: pdf_document_file_exporter_do_page(_EvFileExporter*,
_EvRenderContext*) (ev-poppler.cc:1663)
==7035==    by 0x8096B79: ev_file_exporter_do_page (ev-file-exporter.c:61)
==7035==    by 0x805E781: ev_job_print_run (ev-jobs.c:678)
==7035==    by 0x805D9F4: handle_job (ev-job-queue.c:137)
==7035==    by 0x805DEAB: ev_render_thread (ev-job-queue.c:255)
==7035==    by 0x4B6A77E: g_thread_create_proxy (gthread.c:634)
==7035==    by 0x4C4153A: start_thread (in /lib/libpthread-2.6.90.so)
==7035==    by 0x4D260ED: clone (in /lib/libc-2.6.90.so)
==7035== 
==7035== Use of uninitialised value of size 4
==7035==    at 0x4A6B8EF: cairo_surface_destroy (cairo-surface.c:396)
==7035==    by 0x4942120: CairoOutputDev::setSoftMask(GfxState*, double*, int,
Function*, GfxColor*) (CairoOutputDev.cc:661)
==7035==    by 0x52D0771: Gfx::doForm1(Object*, Dict*, double*, double*, int,
int, GfxColorSpace*, int, int, int, Function*, GfxColor*) (Gfx.cc:3900)
==7035==    by 0x52D295D: Gfx::doSoftMask(Object*, int, GfxColorSpace*, int,
int, Function*, GfxColor*) (Gfx.cc:1086)
==7035==    by 0x52D3308: Gfx::opSetExtGState(Object*, int) (Gfx.cc:1004)
==7035==    by 0x52CACE2: Gfx::execOp(Object*, Object*, int) (Gfx.cc:726)
==7035==    by 0x52CAEAB: Gfx::go(int) (Gfx.cc:594)
==7035==    by 0x52CB456: Gfx::display(Object*, int) (Gfx.cc:557)
==7035==    by 0x5310945: Page::displaySlice(OutputDev*, double, double, int,
int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int
(*)(Annot*, void*), void*) (Page.cc:406)
==7035==    by 0x493D59C: poppler_page_render (poppler-page.cc:437)
==7035==    by 0x8098DF3: pdf_document_file_exporter_do_page(_EvFileExporter*,
_EvRenderContext*) (ev-poppler.cc:1663)
==7035==    by 0x8096B79: ev_file_exporter_do_page (ev-file-exporter.c:61)
==7035==    by 0x805E781: ev_job_print_run (ev-jobs.c:678)
==7035==    by 0x805D9F4: handle_job (ev-job-queue.c:137)
==7035==    by 0x805DEAB: ev_render_thread (ev-job-queue.c:255)
==7035==    by 0x4B6A77E: g_thread_create_proxy (gthread.c:634)
==7035==    by 0x4C4153A: start_thread (in /lib/libpthread-2.6.90.so)
==7035==    by 0x4D260ED: clone (in /lib/libc-2.6.90.so)
==7035== 
==7035== Invalid write of size 4
==7035==    at 0x4A6B8EF: cairo_surface_destroy (cairo-surface.c:396)
==7035==    by 0x4942120: CairoOutputDev::setSoftMask(GfxState*, double*, int,
Function*, GfxColor*) (CairoOutputDev.cc:661)
==7035==    by 0x52D0771: Gfx::doForm1(Object*, Dict*, double*, double*, int,
int, GfxColorSpace*, int, int, int, Function*, GfxColor*) (Gfx.cc:3900)
==7035==    by 0x52D295D: Gfx::doSoftMask(Object*, int, GfxColorSpace*, int,
int, Function*, GfxColor*) (Gfx.cc:1086)
==7035==    by 0x52D3308: Gfx::opSetExtGState(Object*, int) (Gfx.cc:1004)
==7035==    by 0x52CACE2: Gfx::execOp(Object*, Object*, int) (Gfx.cc:726)
==7035==    by 0x52CAEAB: Gfx::go(int) (Gfx.cc:594)
==7035==    by 0x52CB456: Gfx::display(Object*, int) (Gfx.cc:557)
==7035==    by 0x5310945: Page::displaySlice(OutputDev*, double, double, int,
int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int
(*)(Annot*, void*), void*) (Page.cc:406)
==7035==    by 0x493D59C: poppler_page_render (poppler-page.cc:437)
==7035==    by 0x8098DF3: pdf_document_file_exporter_do_page(_EvFileExporter*,
_EvRenderContext*) (ev-poppler.cc:1663)
==7035==    by 0x8096B79: ev_file_exporter_do_page (ev-file-exporter.c:61)
==7035==    by 0x805E781: ev_job_print_run (ev-jobs.c:678)
==7035==    by 0x805D9F4: handle_job (ev-job-queue.c:137)
==7035==    by 0x805DEAB: ev_render_thread (ev-job-queue.c:255)
==7035==    by 0x4B6A77E: g_thread_create_proxy (gthread.c:634)
==7035==    by 0x4C4153A: start_thread (in /lib/libpthread-2.6.90.so)
==7035==    by 0x4D260ED: clone (in /lib/libc-2.6.90.so)
==7035==  Address 0x727528C is 12 bytes inside a block of size 68 free'd
==7035==    at 0x4021E56: operator delete(void*) (vg_replace_malloc.c:244)
==7035==    by 0x52C8A52: Gfx::popResources() (Gfx.cc:4237)
==7035==    by 0x52D0706: Gfx::doForm1(Object*, Dict*, double*, double*, int,
int, GfxColorSpace*, int, int, int, Function*, GfxColor*) (Gfx.cc:3897)
==7035==    by 0x52D295D: Gfx::doSoftMask(Object*, int, GfxColorSpace*, int,
int, Function*, GfxColor*) (Gfx.cc:1086)
==7035==    by 0x52D3308: Gfx::opSetExtGState(Object*, int) (Gfx.cc:1004)
==7035==    by 0x52CACE2: Gfx::execOp(Object*, Object*, int) (Gfx.cc:726)
==7035==    by 0x52CAEAB: Gfx::go(int) (Gfx.cc:594)
==7035==    by 0x52CB456: Gfx::display(Object*, int) (Gfx.cc:557)
==7035==    by 0x5310945: Page::displaySlice(OutputDev*, double, double, int,
int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int
(*)(Annot*, void*), void*) (Page.cc:406)
==7035==    by 0x493D59C: poppler_page_render (poppler-page.cc:437)
==7035==    by 0x8098DF3: pdf_document_file_exporter_do_page(_EvFileExporter*,
_EvRenderContext*) (ev-poppler.cc:1663)
==7035==    by 0x8096B79: ev_file_exporter_do_page (ev-file-exporter.c:61)
==7035==    by 0x805E781: ev_job_print_run (ev-jobs.c:678)
==7035==    by 0x805D9F4: handle_job (ev-job-queue.c:137)
==7035==    by 0x805DEAB: ev_render_thread (ev-job-queue.c:255)
==7035==    by 0x4B6A77E: g_thread_create_proxy (gthread.c:634)
==7035==    by 0x4C4153A: start_thread (in /lib/libpthread-2.6.90.so)
==7035==    by 0x4D260ED: clone (in /lib/libc-2.6.90.so)
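
A triage sketch for the valgrind log above, added here as an example and not part of the original report or of any project named in it: it rejoins the wrapped frame lines, then for each access to a freed block pairs the accessing frame with the frame that freed the block and with the first caller both stacks share. `SAMPLE` is a trimmed excerpt of the log in Comment 1; the names `unwrap`, `parse_errors` and `freed_block_accesses` are this example's own.

```python
import re

PREFIX = re.compile(r"^==\d+==\s?(.*)$")  # "==PID== " prefix on every tool line
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.*) \(([^()]+)\)$")
FREED = re.compile(r"is (\d+) bytes (inside|after|before) a block of size (\d+) free'd$")

# Excerpt of the valgrind output in Comment 1, trimmed to the top frames,
# with the 80-column wrapping of the report kept as posted.
SAMPLE = """\
==7035== Use of uninitialised value of size 4
==7035==    at 0x4A6B8EF: cairo_surface_destroy (cairo-surface.c:396)
==7035==    by 0x4942120: CairoOutputDev::setSoftMask(GfxState*, double*, int,
Function*, GfxColor*) (CairoOutputDev.cc:661)
==7035==    by 0x52D0771: Gfx::doForm1(Object*, Dict*, double*, double*, int,
int, GfxColorSpace*, int, int, int, Function*, GfxColor*) (Gfx.cc:3900)
==7035==
==7035== Invalid write of size 4
==7035==    at 0x4A6B8EF: cairo_surface_destroy (cairo-surface.c:396)
==7035==    by 0x4942120: CairoOutputDev::setSoftMask(GfxState*, double*, int,
Function*, GfxColor*) (CairoOutputDev.cc:661)
==7035==    by 0x52D0771: Gfx::doForm1(Object*, Dict*, double*, double*, int,
int, GfxColorSpace*, int, int, int, Function*, GfxColor*) (Gfx.cc:3900)
==7035==    by 0x52D295D: Gfx::doSoftMask(Object*, int, GfxColorSpace*, int,
int, Function*, GfxColor*) (Gfx.cc:1086)
==7035==  Address 0x727528C is 12 bytes inside a block of size 68 free'd
==7035==    at 0x4021E56: operator delete(void*) (vg_replace_malloc.c:244)
==7035==    by 0x52C8A52: Gfx::popResources() (Gfx.cc:4237)
==7035==    by 0x52D0706: Gfx::doForm1(Object*, Dict*, double*, double*, int,
int, GfxColorSpace*, int, int, int, Function*, GfxColor*) (Gfx.cc:3897)
==7035==    by 0x52D295D: Gfx::doSoftMask(Object*, int, GfxColorSpace*, int,
int, Function*, GfxColor*) (Gfx.cc:1086)
"""


def unwrap(text):
    """Rejoin frame lines that were wrapped and so lost their ==PID== prefix."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith("==") or not lines:
            lines.append(raw.rstrip())
        else:
            lines[-1] += " " + raw.strip()
    return lines


def parse_errors(text):
    """Split the log into error records: the access stack and, when valgrind
    prints one, the stack that allocated or freed the block."""
    errors, cur, target = [], None, "access"
    for line in unwrap(text):
        m = PREFIX.match(line)
        if not m:
            continue
        body = m.group(1).strip()
        if not body:  # a bare prefix line ends the current record
            cur = None
            continue
        frame = FRAME.match(body)
        if frame:
            if cur is not None:
                func = frame.group(1).split("(")[0]  # drop the argument list
                cur[target].append((func, frame.group(2)))
        elif body.startswith("Address "):
            if cur is not None:
                cur["address"], target = body, "block"
        elif not re.match(r"^Thread \d+:$", body):
            cur = {"kind": body, "address": None, "access": [], "block": []}
            errors.append(cur)
            target = "access"
    return errors


def freed_block_accesses(errors):
    """For each access to a freed block, report who touched it and who freed it."""
    findings = []
    for err in errors:
        freed = FREED.search(err["address"] or "")
        if not freed or not err["access"] or not err["block"]:
            continue
        # First frame of the free stack outside valgrind's allocator wrappers.
        freed_by = next((f for f in err["block"] if "vg_replace_malloc" not in f[1]),
                        err["block"][0])
        free_locs = dict(err["block"])
        # Innermost function present in both stacks: (name, access line, free line).
        shared = next(((fn, loc, free_locs[fn]) for fn, loc in err["access"]
                       if fn in free_locs), None)
        findings.append({
            "kind": err["kind"],
            "offset": int(freed.group(1)),
            "position": freed.group(2),
            "block_size": int(freed.group(3)),
            "access_at": err["access"][0],
            "freed_by": freed_by,
            "shared_caller": shared,
        })
    return findings


if __name__ == "__main__":
    for f in freed_block_accesses(parse_errors(SAMPLE)):
        print(f["kind"], "at", f["access_at"], "| freed by", f["freed_by"],
              "| shared caller", f["shared_caller"])
```

On the excerpt it reports the block freed in `Gfx::popResources` (Gfx.cc:4237) and written in `cairo_surface_destroy`, with both stacks passing through `Gfx::doForm1` at Gfx.cc:3897 and Gfx.cc:3900.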
Comment 2 Kjartan Maraas 2007-09-24 05:43:29 EDT
Trying to print the same document with current rawhide gives this backtrace:

Distribution: Fedora release 7.91 (Rawhide)
Gnome Release: 2.20.0 2007-09-17 (Red Hat, Inc)
BugBuddy Version: 2.20.0

System: Linux 2.6.23-0.195.rc7.git3.fc8 #1 SMP Sat Sep 22 08:33:35 EDT 2007 i686
X Vendor: The X.Org Foundation
X Vendor Release: 10300000
Selinux: No
Accessibility: Enabled
GTK+ Theme: Nodoka
Icon Theme: Fedora

Memory status: size: 119353344 vsize: 119353344 resident: 78176256 share:
15441920 rss: 78176256 rss_rlim: 4294967295
CPU usage: start_time: 1190626335 rtime: 2657 utime: 2409 stime: 248 cutime:0
cstime: 0 timeout: 0 it_real_value: 0 frequency: 100

Backtrace was generated from '/usr/bin/evince'

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1208633568 (LWP 2934)]
[New Thread -1211995248 (LWP 2935)]
0x0012d402 in __kernel_vsyscall ()
#0  0x0012d402 in __kernel_vsyscall ()
#1  0x00e08c73 in poll () from /lib/libc.so.6
#2  0x00c36573 in g_main_context_iterate (context=0x8d1f328, block=1, 
    dispatch=1, self=0x8cf7648) at gmain.c:2996
#3  0x00c368e9 in IA__g_main_loop_run (loop=0x8d55e78) at gmain.c:2898
#4  0x006a3954 in IA__gtk_main () at gtkmain.c:1144
#5  0x08086a20 in main (argc=2, argv=) at main.c:383
#6  0x00d56320 in __libc_start_main () from /lib/libc.so.6
#7  0x0805a9d1 in _start ()

Thread 2 (Thread -1211995248 (LWP 2935)):
#0  0x0012d402 in __kernel_vsyscall ()
No symbol table info available.
#1  0x00d3447b in waitpid () from /lib/libpthread.so.0
No symbol table info available.
#2  0x00c64967 in IA__g_spawn_sync (working_directory=0x0, argv=0x93e49f0, 
    envp=0x0, flags=G_SPAWN_SEARCH_PATH, child_setup=0, user_data=0x0, 
    standard_output=0x0, standard_error=0x0, exit_status=0x0, 
    error=0xb7c23678) at gspawn.c:364
	outpipe = -1
	errpipe = -1
	pid = 2939
	fds = {__fds_bits = {13427224, 148543968, 4, -1212009080, 12913297, 
    8, 148543968, 4, 13427224, 148543968, 4, -1212008968, 12900947, 
    148543968, 12822624, 0, 12907074, 147815688, 64, 1708282130, 0, 15284992, 
    52, 9, -1212008988, -1212008984, 155077104, 3, 0, 12727844, 148543968, 
    155081159}}
	ret = <value optimized out>
	outstr = (GString *) 0x0
	errstr = (GString *) 0x0
	failed = 0
	status = <value optimized out>
	__PRETTY_FUNCTION__ = "IA__g_spawn_sync"
#3  0x00c64c7c in IA__g_spawn_command_line_sync (
    command_line=0x93e59a0 "bug-buddy --appname=\"evince\" --pid=2934", 
    standard_output=0x0, standard_error=0x0, exit_status=0x0, 
    error=0xb7c23678) at gspawn.c:672
	retval = 0
	argv = (gchar **) 0x93e49f0
	__PRETTY_FUNCTION__ = "IA__g_spawn_command_line_sync"
#4  0x017702f0 in ?? () from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
No symbol table info available.
#5  0x017705e6 in ?? () from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
No symbol table info available.
#6  0x01770a13 in google_breakpad::ExceptionHandler::InternalWriteMinidump ()
   from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
No symbol table info available.
#7  0x01770f1e in google_breakpad::ExceptionHandler::HandleException ()
   from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
No symbol table info available.
#8  <signal handler called>
No symbol table info available.
#9  0x01bf5b61 in FT_Get_PS_Font_Info (face=0x93c2810, afont_info=0xb7c24e88)
    at /usr/src/debug/freetype-2.3.5/src/base/fttype1.c:39
	module = (FT_Module) 0x0
	_tmp_ = <value optimized out>
	error = <value optimized out>
#10 0x00b7bbf9 in _cairo_type1_subset_init (type1_subset=0xb7c24f30, 
    name=0xb7c24f78 "CairoFont-6-0", scaled_font_subset=0xb7c24ff0, 
    hex_encode=1) at cairo-type1-subset.c:123
	font = <value optimized out>
	status = <value optimized out>
	length = <value optimized out>
	i = <value optimized out>
#11 0x00b67fa4 in _cairo_ps_surface_emit_unscaled_font_subset (
    font_subset=0xb7c24ff0, closure=0xb6500e10) at cairo-ps-surface.c:376
	status = <value optimized out>
#12 0x00b7a71e in _cairo_sub_font_collect (entry=0x90852d0, 
    closure=0xb7c25070) at cairo-scaled-font-subsets.c:400
	subset = {scaled_font = 0x9412c38, font_id = 6, subset_id = 0, 
  glyphs = 0x9479000, to_unicode = 0x914a980, num_glyphs = 9, 
  is_composite = 0}
	i = 0
	j = 0
	__PRETTY_FUNCTION__ = "_cairo_sub_font_collect"
#13 0x00b4b07c in _cairo_hash_table_foreach (hash_table=0xb6511550, 
    hash_callback=0xb7a640 <_cairo_sub_font_collect>, closure=0xb7c25070)
    at cairo-hash.c:562
	i = 30
	entry = (cairo_hash_entry_t *) 0xb7c24e88
#14 0x00b7a5d3 in _cairo_scaled_font_subsets_foreach_internal (
    font_subsets=0xb6557828, 
    font_subset_callback=0xb67f10 <_cairo_ps_surface_emit_unscaled_font_subset>,
closure=0xb6500e10, is_scaled=0) at cairo-scaled-font-subsets.c:636
	collection = {glyphs = 0x9479000, glyphs_size = 64, max_glyph = 8, 
  num_glyphs = 9, subset_id = 0, 
  font_subset_callback = 0xb67f10 <_cairo_ps_surface_emit_unscaled_font_subset>,
font_subset_callback_closure = 0xb6500e10}
#15 0x00b68641 in _cairo_ps_surface_finish (abstract_surface=0xb6500e10)
    at cairo-ps-surface.c:730
	now = 1190626369
	comments = (char **) 0x0
	i = <value optimized out>
	num_comments = 0
	status = <value optimized out>
	status2 = <value optimized out>
	i = <value optimized out>
	num_comments = <value optimized out>
	comments = <value optimized out>
#16 0x00b57873 in *INT_cairo_surface_finish (surface=0xb6500e10)
    at cairo-surface.c:504
	status = <value optimized out>
#17 0x00b57920 in *INT_cairo_surface_destroy (surface=0xb6500e10)
    at cairo-surface.c:401
	__PRETTY_FUNCTION__ = "cairo_surface_destroy"
#18 0x00b61cce in _cairo_paginated_surface_finish (
    abstract_surface=0xb6541398) at cairo-paginated-surface.c:147
	status = CAIRO_STATUS_NO_MEMORY
#19 0x00b57873 in *INT_cairo_surface_finish (surface=0xb6541398)
    at cairo-surface.c:504
	status = <value optimized out>
#20 0x00b57920 in *INT_cairo_surface_destroy (surface=0xb6541398)
    at cairo-surface.c:401
	__PRETTY_FUNCTION__ = "cairo_surface_destroy"
#21 0x00b4a925 in _cairo_gstate_fini (gstate=0xb6525480) at cairo-gstate.c:172
No locals.
#22 0x00b43c2f in *INT_cairo_destroy (cr=0xb6525460) at cairo.c:270
	__PRETTY_FUNCTION__ = "cairo_destroy"
#23 0x08099aec in pdf_print_context_free (ctx=0xb65576b8)
    at ev-poppler.cc:1505
No locals.
#24 0x08099b45 in pdf_document_file_exporter_end (exporter=0x8fe3000)
    at ev-poppler.cc:1718
No locals.
#25 0x08097833 in ev_file_exporter_end (exporter=0x8fe3000)
    at ev-file-exporter.c:69
No locals.
#26 0x0805ea97 in ev_job_print_run (job=0x9218a30) at ev-jobs.c:911
	n_pages = 13826352
	j = -1211997496
	page = 52
	step = 1
	document = (EvDocument *) 0x8fe3000
	fc = {format = EV_FILE_FORMAT_PS, 
  filename = 0xb651d990 "/tmp/evince_print.ps.92V5YT", first_page = 0, 
  last_page = 51, paper_width = 595.27559055118115, 
  paper_height = 841.88976377952758, duplex = 0, pages_per_sheet = 1}
	fd = 21
	last_page = 51
	first_page = 0
	i = 1
	__PRETTY_FUNCTION__ = "ev_job_print_run"
#27 0x0805db84 in handle_job (job=0x9218a30) at ev-job-queue.c:140
	__PRETTY_FUNCTION__ = "handle_job"
#28 0x0805e06c in ev_render_thread (data=0x0) at ev-job-queue.c:263
	job = (EvJob *) 0x9218a30
#29 0x00c5669f in g_thread_create_proxy (data=0x8d621d8) at gthread.c:635
	__PRETTY_FUNCTION__ = "g_thread_create_proxy"
#30 0x00d2c53b in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#31 0x00e12d0e in clone () from /lib/libc.so.6
No symbol table info available.

Thread 1 (Thread -1208633568 (LWP 2934)):
#0  0x0012d402 in __kernel_vsyscall ()
No symbol table info available.
#1  0x00e08c73 in poll () from /lib/libc.so.6
No symbol table info available.
#2  0x00c36573 in g_main_context_iterate (context=0x8d1f328, block=1, 
    dispatch=1, self=0x8cf7648) at gmain.c:2996
	got_ownership = <value optimized out>
	max_priority = 2147483647
	timeout = 499
	some_ready = <value optimized out>
	nfds = 11
	allocated_nfds = <value optimized out>
	fds = (GPollFD *) 0x9245cb0
	__PRETTY_FUNCTION__ = "g_main_context_iterate"
#3  0x00c368e9 in IA__g_main_loop_run (loop=0x8d55e78) at gmain.c:2898
	got_ownership = 13820784
	self = (GThread *) 0x8cf7648
	__PRETTY_FUNCTION__ = "IA__g_main_loop_run"
#4  0x006a3954 in IA__gtk_main () at gtkmain.c:1144
	tmp_list = (GList *) 0x8d586c0
	functions = (GList *) 0x0
	init = (GtkInitFunction *) 0x0
	loop = (GMainLoop *) 0x8d55e78
#5  0x08086a20 in main (argc=2, argv=) at main.c:383
	enable_metadata = 1
	context = <value optimized out>
	args = (GHashTable *) 0x8d4d180
	program = (GnomeProgram *) 0x8d00810
#6  0x00d56320 in __libc_start_main () from /lib/libc.so.6
No symbol table info available.
#7  0x0805a9d1 in _start ()
No symbol table info available.
#0  0x0012d402 in __kernel_vsyscall ()
The program is running.  Quit anyway (and detach it)? (y or n) [answered Y;
input not from terminal]


----------- .xsession-errors ---------------------
warning: Missing the separate debug info file:
/usr/lib/debug/.build-id/64/f1e9e057af5b12a3525acb3df2295d6fcf48f1.debug
warning: Missing the separate debug info file:
/usr/lib/debug/.build-id/3e/135c90d4aa950b46a6266072c4b572251c609a.debug
warning: Missing the separate debug info file:
/usr/lib/debug/.build-id/2f/cb4fc2fda39d03cc8d8242d93dbde43e6aa7ca.debug
warning: Missing the separate debug info file:
/usr/lib/debug/.build-id/e0/b4ba00b534214136fef69b5f340bb6f3c5cb9f.debug
warning: Missing the separate debug info file:
/usr/lib/debug/.build-id/e4/c3c2bf6e0ed4750bd3237b09f964ab08e0bad2.debug
warning: Missing the separate debug info file:
/usr/lib/debug/.build-id/f5/e8d950ee592563acd93abc8df5e54c8d7b8cf9.debug
warning: Missing the separate debug info file:
/usr/lib/debug/.build-id/59/4465e86a61c44bbff5c91cabc4b9bf89cf2329.debug
Cannot access memory at address 0xf
Cannot access memory at address 0xf
--------------------------------------------------
Comment 3 Bug Zapper 2008-04-04 09:42:53 EDT
Based on the date this bug was created, it appears to have been reported
during the development of Fedora 8. In order to refocus our efforts as
a project we are changing the version of this bug to '8'.

If this bug still exists in rawhide, please change the version back to
rawhide.
(If you're unable to change the bug's version, add a comment to the bug
and someone will change it for you.)

Thanks for your help and we apologize for the interruption.

The process we're following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.
Comment 4 Kjartan Maraas 2008-04-07 08:56:27 EDT
Couldn't reproduce this here with rawhide.
